Matt Lewis discovered that Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases. For the old stable distribution , this problem has been fixed in version 1.4.2dfsg1-3. For the stable distribution , this problem has been fixed in version 1.5.1dfsg1-4. For the unstable distribution , this problem has been fixed in version 1.6.4dfsg-1. We recommend that you upgrade your Subversion packages.